We had an inquiry requesting additional information about a SANS NewsBites story (SANS Computer Security Newsletters and Digests) about yhoo32-explr, IM malware. Following up on the NewsBites item for the ISC contributor lead to the following information that might be of interest.
In discussing the actions of yhoo32-explr, FaceTime Security Labs researcher Chris Boyd says (at the spywareguide.com blog) "That's not all - a file is placed on the PC which contacts a URL firing off continually modified commands for the infection. They can change the infection message and the method of infection on the fly. Tailor made messages designed for Yahoo IM, Internet-based chat and IRC? You got it. It even randomly overtypes some of your IM messages as you hit the send button.".
Source information at Facetime.com here.
NewsBites item here Worm Spreads Through Yahoo Messenger (22 May 2006)
May 26th 2006
1 decade ago